Class CrossOriginEmbedderPolicyRequestCycleListener

All Implemented Interfaces:

Sets Cross-Origin Embedder Policy (COEP) headers on the responses based on the mode specified by CrossOriginEmbedderPolicyConfiguration. COEP can be enabled in REPORTING mode which will set the headers as Cross-Origin-Embedder-Policy-Report-Only or ENFORCING mode which will set the header as Cross-Origin-Embedder-Policy. The header is not set for the paths that are exempted from COEP. The only valid value of COEP is require-corp, so if the listener is enabled the policy value will be specified as so.

COEP prevents a document from loading any non-same-origin resources which don't explicitly grant the document permission to be loaded. Using COEP and COOP together allows developers to safely use powerful features such as SharedArrayBuffer, performance.measureMemory(), and the JS Self-Profiling API.See CrossOriginOpenerPolicyRequestCycleListener for instructions on how to enable COOP. Read more about cross-origin isolation on

Santiago Diaz -, Ecenaz Jen Ozmen -
See Also: